Securology

(noun) securology. Latin: se cura logia
Literally translated: the study of being without care or worry

Wednesday, January 30, 2008

Two Words: Code Quality

›
Dr. Brian Chess , Chief Scientist at Fortify and static analysis guru , has a couple very interesting posts on the company blog: one on the...
Monday, January 28, 2008

F-Secure's Academic Malware Analysis Course

›
I would like to see more like this from security vendors/service providers in industry: F-Secure has created a malware analysis course at th...
Tuesday, January 15, 2008

Targeted Bank Malware

›
There have been a lot of interesting things going on with malware these days, but this is on the top of the list (for the next few hours any...
19 comments:

Trust is a Simple Equation

›
[ Begin rant ] OK. If security vendors don't get this simple equation, then we might as well all give up and give in... If you don...
5 comments:
Wednesday, January 9, 2008

MBR Rootkits

›
There is a new flurry of malware floating around in the wild : boot record rootkits (a.k.a. "bootkits"). Yes, for those of you o...
5 comments:
Monday, January 7, 2008

Windows Vista Phones Home

›
OK. Perhaps not "phone home" in the sense that these people think , but it does in fact do it, at least on a minor scale. A Win...
4 comments:
Saturday, December 29, 2007

AV Signature False Positives

›
Kaspersky's AV accidentally identified the Windows Explorer process as malware . The same thing happened to Symantec with their Asian L...
2 comments:
Tuesday, December 11, 2007

OpenDNS - I think I like you

›
I think I really like OpenDNS . It's intelligent. It's closer to the problem than existing solutions. And it's free. Ope...
1 comment:
Monday, December 10, 2007

Gary McGraw on Application Layer Firewalls & PCI

›
This serves as a good follow-up to my dissection of Imperva's Application Layer Firewall vs Code Review whitepaper . Gary McGraw , the...
Thursday, December 6, 2007

Salting your Hash with URLs

›
So, when I was reading this post on Light Blue Torchpaper ( Cambridge University' Computer Security Lab's blog) a few weeks back,...
4 comments:
Tuesday, December 4, 2007

Client Software Update Mechanisms

›
It's 2007. Even the SANS Top 20 list has client-side applications as being a top priority. Simply put, organizations have figured out...
Wednesday, November 21, 2007

Rootkitting Your Customers

›
I am a big fan of Dan Geer (image at left); he always has an interesting perspective on security issues, but that's not to say I agree...
Tuesday, November 20, 2007

Soft tokens aren't tokens at all

›
The three categories of authentication : Something you know Something you have Something you are Physical hardware tokens, like RSA's Se...
4 comments:

Still More TOR

›
F-Secure's blog is discussing how there are more bad TOR nodes out there. I discussed awhile back how TOR's goal of anonymity is ...
Monday, November 19, 2007

Possible Criminal Charges for Lost Laptops in the UK

›
Of course, the media are spinning this as " don't encrypt your laptop and you could go to jail " when the goal of the legislat...
Sunday, November 18, 2007

Analyzing Trust in Hushmail

›
Recently, law enforcement acquired confidential email messages from the so-called secure email service , Hushmail . Law enforcement explo...
Wednesday, November 14, 2007

Pay Extra for their Mistakes: EV Certificates

›
Extended Validation (EV) SSL Certificates are one of the information security industry's worst cover-ups. And to make matters worse, it...
Wednesday, October 31, 2007

Retail, Protected Consumer Information, and Whole Disk Encryption

›
There has been a lot of discussion around retailers pushing back on the PCI (Payment Card Industry) Data Security Standards group. The...
2 comments:
Thursday, October 25, 2007

Opt-in Security

›
So many of computer security implementations today depend on what I call "opt-in" security. It could be called " trusted cli...
2 comments:
Wednesday, October 24, 2007

DNS Re-Binding

›
One of the biggest problems with security threats in the Web 2.0 world is the erosion of trust boundaries . Dynamic web applications pull ...
‹
›
Home
View web version
Powered by Blogger.